29 June 2010

I won't beat the drum regarding Mr. Gregory D Evans and his infamous security company, LIGATT Security. That topic has been covered thoroughly elsewhere, such as on Attrition.org. I was surprised at the issue of plagiarism that came up earlier this month and decided to evaluate the book myself.

What prompted me to do this audit was one major statement. In defense of his book, Mr. Evans stated, "I wrote 60 percent of my book" (Source video, time marker 11:50). After reviewing Rothke's assessment again, there seems to be some grey area. Rothke's assessment gave a total number of words copied from various other sources, but they weren't placed into the context of the total amount of content per chapter.

Here, I tried to provide that. I went page by page, paragraph by paragraph, to see where the material originated. The following chart is a complete page breakdown of various items that shows, in sequence, where material came from. I'm alleging that the material was copied from these sources, but chances are that he may have found an identical source with the same text. These are the sources that I came up with in my own research, and for some there were multiple results.

For those following along at home, the page references on the left refer to the physical page in the book. To get the actual page number, subtract 30 from the reference shown here.

Want to follow along from home? The Register has a link to the full PDF of the book on their related news article.

Pages in World’s No. 1 Hacker, with the source of the material:

1-4: Standard book introduction material

5-9: Gregory Evans biography

10-24: References, screenshots, bona fides

25-30: Table of Contents

31-34: Preface (The first page and a few paragraphs of the second, and the last few paragraphs, are by Evans - 648 words. The "top 10 cyber crimes" was copied from UltimateCentre)

Phase 1 – Reconnaissance (Copied with slight rewording from AthenaWebSecurity PDF) – Every few sentences there is a slight rearrangement of words to fool plagiarism checks. For example, the PDF reads:
“As an ethical hacker you must be aware of the tools and techniques that are deployed by attackers”
Evans’ book reads:
“As an ethnical (sic) hacker, you must be aware of the tools and techniques that attackers deploy”

UPDATE: 21 Jul 10 - I noticed on 227 (197) "You might know that my name is Michael Gregg and because I'm the author of this book..."

230: Blank Notes page

231-239: Spoofing and Hijacking (Copied likely from here, but some ultimately came from the C|EH Official Course Material). Small changes are made, such as adding “As we discussed earlier” to the beginning of 20.1, but it’s all the same copied content.

Metasploit (Copied verbatim from a Department of Defense FOUO (For Official Use Only) training course provided by the Defense Cyber Investigations Training Academy)

286: Blank Notes page

287-303: Cracking a Wireless (sic) (Copied verbatim from a Department of Defense FOUO (For Official Use Only) training course provided by the Defense Cyber Investigations Training Academy)

304-309: Eavesdropping on VoIP (Written by Marc-Andre Meloche, and copied from Hakin9).

310: Blank Notes page

311-312: Hacking Cell Phone Voicemails (Originally written by Evans – 634 words) Somewhat evidenced by horrendous grammar and spelling, and a sense of prose that does not flow.

313-321: How to Become a Hacker… (Whether it was originally written is hard to say here. Much was copied from LIGATT’s own website, and most is from a usage manual that is included with IPSNITCH and PORTSNITCH. However, for Evans’ sake, we’ll say it is original – 1,489 words).

322: Blank Notes page

323: Making Money as Hacker (sic) (Originally written, as evidenced by Mr. Evans’ insistent loathing of IT Managers – 382 words).

You will find that many of the references are from NMRC.org, a site run by Simple Nomad. Simple Nomad developed the basic structure that Evans used to plan his table of contents, and originally developed the material used by Evans in his book. This was excellently written material, but it dates originally from 2000.

When all was said and done, I counted a total of 3,638 words that Evans had written in his own sections. This does not include rewriting of copied material. This adds up to a total of about 15 pages, once you include the numerous images and screenshots. The book has a content-page count of 303 pages. That means that Evans wrote a total of 5% of his book, and that's being generous, with the 22 images in chapter 25 alone. And the vast majority of his content was how to use products that his company sells, which could've been written by anyone on his staff.

The grey areas left are pages 253-285 and 287-303, for which a source has not been identified, but which seem out of place with the rest of Evans' work. If Evans announces that he wrote this material, it would take his content up to 21%. But, until he does so, it just does not fall in line with the work he's produced in the past.

UPDATE: 29 Jun 2010 1927 - I had a thought last night. Going by page count alone, Evans "wrote" about 15 pages of content. However, what if we judged him based on words themselves? Original thought and not graphical imagery. I grabbed a sample page that was all text to see how much content is in a single page in his publishing style. Page 36 (6) came up to 425 words. If we work off words alone, then Evans would have written approximately 8.5 pages of content. So, almost half of what I claimed above. But, again, we need to look at things in context. The entire book was 95,547 words. That means that Evans' 3,638 words is 3.8% of the book's content.

And I may even throw Mr. Evans a very small bone here. Although he said that he wrote 60% of the book and outsourced the last 40% (though we can now see that he outsourced 95%), he may have been under the assumption that the material given to him was unique and not copied. However, if you are going to hit up Craigslist to find hackers to give you original hacking material (Source video, time marker 11:58), this is the risk: find a person desperate for money and tell them to give you content on XYZ, and they'll copy it from Wikipedia. A TRUE publishing company would know better. By having ghost writers you are willingly taking credit for other people's work, and they give up their rights for a small profit. However, that also means that you take the hit if you did not properly vet and verify the material given to you. You put your name on that content; you cannot pass the buck to a ghost writer.

UPDATE: 21 Jul 2010 1530 - Gregory Evans recently gave a phone interview with Stock Talk 101 Radio. In this interview (time marker 6:45) he stated, "I wrote the book - I did not - I put the book together, but yet, all the people who are actually saying that I plagiarized the book never read the book. They don't have copies of the book. The only thing they have is what was said by one person where this whole thing actually started and even in the book we um, we did not even discuss that this book was written by Greg or authored by Greg or any of that. I think it comes that is um a publication of Gregory Evans. It's like you know a movie and you say you have an executive producer who pays for everything. It's more like that. Because everything I paid for, all the stories and chapters except for the stuff that I actually wrote, all is in the book. And it's in there legitimately. And, again, to this day I still have yet anyone to come back and say 'Greg, you stole my stuff' and contacted their attorneys and try to file a new claim."

I'll make no response to that. You can read this article, and read his statement above, and make your own determinations.

UPDATE: 4 Jan 2014 1700 - As I'm no longer with the organization, which has no interest in pursuing the issue, I've updated the page to note that some of the content was plagiarized from my old agency. Within the Defense Cyber Crime Center (DC3) is the Defense Cyber Investigations Training Academy (DCITA), for which I was the Deputy Technical Lead as a contractor. Two chapters of the book were taken from training material that the agency provided at a training event.

The two chapters in question are both derived from Department of Defense documentation classified as For Official Use Only.

253-285: Metasploit

287-303: Cracking a Wireless (sic)

Of note is the paragraph on page 301:

"Evidence collection methods of wired and wireless devices are quite similar, but outside the scope of this course. DCITA offers courses about the collection of potential evidence from the witness devices."